{"id":2265,"date":"2016-07-20T07:53:40","date_gmt":"2016-07-20T11:53:40","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2265"},"modified":"2019-11-15T14:59:26","modified_gmt":"2019-11-15T11:59:26","slug":"ranscam-ransomware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/ranscam-ransomware\/2265\/","title":{"rendered":"Fidye \u00f6deyip \u00f6demedi\u011finizi \u00f6nemsemeyen Ranscam"},"content":{"rendered":"<p>Bir fidye yaz\u0131l\u0131m\u0131 bula\u015ft\u0131\u011f\u0131nda, istenilen fidyeyi verip minimum ba\u015f a\u011fr\u0131s\u0131 ile elektronik hayat\u0131n\u0131z\u0131 geri almaya de\u011fer mi diye d\u00fc\u015f\u00fcnmeniz normaldir. Biz Kaspersky Lab olarak, hi\u00e7bir \u015fekilde fidye \u00f6demenizi \u00f6nermiyoruz, ama Ranscam isimli fidye yaz\u0131l\u0131m\u0131 durumunda, ger\u00e7ekten hi\u00e7 \u015fans yok: ne olursa olsun dosyalar\u0131 siliyor.<\/p>\n<p>Bu yeni zararl\u0131 yaz\u0131l\u0131m hakk\u0131ndaki Threatpost <a href=\"https:\/\/threatpost.com\/ranscam-ransomware-deletes-victims-files-outright\/119197\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">yaz\u0131s\u0131<\/a>, bu fidye yaz\u0131l\u0131m\u0131n\u0131 di\u011ferlerinden farkl\u0131 k\u0131lan nefes kesen bir \u00f6zelli\u011fi var. Ranscam ya \u00fc\u015fenge\u00e7 bir yaz\u0131l\u0131m ya da tamamlanmam\u0131\u015f bir yaz\u0131l\u0131m.<\/p>\n<p>Halbuki normal bir fidye yaz\u0131l\u0131m\u0131, hedefin paras\u0131n\u0131 almaya odaklan\u0131r. Ve bazen \u015fifreledi\u011fi dosyalar\u0131 a\u00e7ar, bazen a\u00e7maz. Ranscam ise tamamen aldatmaca.<br>\n<strong><br>\nRanscam nas\u0131l \u00e7al\u0131\u015f\u0131r<\/strong><br>\nBu fidye yaz\u0131l\u0131m\u0131 bilgisayar bula\u015ft\u0131ktan sonra, kullan\u0131c\u0131n\u0131n g\u00f6rece\u011fi ilk \u015fey bir bilgilendirme notu. Klasik bir fidye yaz\u0131l\u0131m\u0131 ekran\u0131 gibi g\u00f6z\u00fckebilir ama ufak bir fark var. Kullan\u0131c\u0131lar\u0131 \u00f6deme y\u00f6ntemlerine y\u00f6nlendirmek yerine \u201d\u00f6dememi yapt\u0131m, l\u00fctfen do\u011frulay\u0131n\u201d yazan t\u0131klanabilen bir yer var.<br>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2267\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/07\/06014051\/RansomNote.jpg\" alt=\"RansomNote\" width=\"640\" height=\"450\"><\/p>\n<p>Ger\u00e7ekte, durum san\u0131ld\u0131\u011f\u0131 gibi de\u011fil. Kullan\u0131c\u0131 ne zaman bu se\u00e7ene\u011fe t\u0131klasa, \u201d\u00f6demenin yap\u0131lmad\u0131\u011f\u0131n\u0131, \u00f6deme yap\u0131lmadan her bas\u0131ld\u0131\u011f\u0131nda bir dosyan\u0131n tamamen silinece\u011fini\u201d s\u00f6yleyen bir mesaj geliyor. Bu da kullan\u0131c\u0131lar\u0131 stres alt\u0131nda b\u0131rakarak birka\u00e7 defa \u00f6deme yapmas\u0131n\u0131 sa\u011flamay\u0131 ama\u00e7l\u0131yor.<\/p>\n<p>Anlad\u0131\u011f\u0131n\u0131z gibi, evet bu bir bl\u00f6f \u2013 ama bu kullan\u0131c\u0131 i\u00e7in iyi bir haber anlam\u0131na gelmiyor. Fidye yaz\u0131l\u0131m\u0131 dosyalar\u0131n \u201dgizli, \u015fifrelenmi\u015f b\u00f6l\u00fcm\u201d i\u00e7erisinde sakland\u0131\u011f\u0131n\u0131 s\u00f6yl\u00fcyor ama ger\u00e7ekte, fidye mesaj\u0131n\u0131 g\u00f6stermeden \u00f6nce dosyalar\u0131 \u00e7oktan silmi\u015f oluyor. Ve bu dosyalar\u0131 geri getirmenin hi\u00e7bir yolu yok.<\/p>\n<p>Cisco\u2019s Talos G\u00fcvenlik \u0130stihbarat ve Ara\u015ft\u0131rma Grubu ara\u015ft\u0131rmac\u0131lar\u0131n\u0131n <a href=\"http:\/\/blog.talosintel.com\/2016\/07\/ranscam.html#more\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">a\u00e7\u0131klamas\u0131na<\/a> g\u00f6re, dosyalar\u0131 yok etmelerinin sebebi, siber su\u00e7lular\u0131n crypto \u015fifrelemeyi \u00e7\u00f6zmeyi \u00f6\u011frenmeye gerek g\u00f6rmemeleri.<\/p>\n<p>Bu noktada Ranscam\u2019\u0131n hi\u00e7bir b\u00fcy\u00fck sald\u0131r\u0131 ile alakas\u0131 yok; ama bizim i\u00e7in hat\u0131rlat\u0131c\u0131 g\u00f6revi g\u00f6r\u00fcyor \u2018fidye \u00f6demek i\u015fe yaramayabilir\u2019 (siber su\u00e7lular\u0131n fidyelerini \u00f6demek onlara bu y\u00f6ntemin i\u015fe yarad\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcnd\u00fcr\u00fcr).<\/p>\n<p>Daha \u00f6nce de belirtti\u011fimiz gibi, Ranscam taraf\u0131ndan silinmi\u015f dosyalar\u0131 geri getirmenin hi\u00e7bir yolu yok: korunman\u0131n tek yolu, \u00f6nceden haz\u0131rl\u0131kl\u0131 olmaz. Bu y\u00fczden basit bir plan \u00f6neriyoruz.<\/p>\n<ol>\n<li><strong>Maillerde gelen ekleri a\u00e7may\u0131n ve bilmedi\u011finiz linklere t\u0131klamay\u0131n.<\/strong> Ranscam\u2019\u0131n nas\u0131l yay\u0131lma y\u00f6ntemleri hakk\u0131nda \u00e7ok \u015fey bilmiyoruz, ama ola\u011fan \u015f\u00fcpheler e-mail ekleriyle ya da hacklenmi\u015f internet sitelerinden bula\u015ft\u0131\u011f\u0131 y\u00f6n\u00fcnde. K\u0131sacas\u0131 %100 emin de\u011filseniz, t\u0131klamay\u0131n.<\/li>\n<li><strong>Verilerinizi d\u00fczenli olarak yedekleyin ve internet ba\u011flant\u0131s\u0131 olmayan \u00e7\u0131kar\u0131labilir bir ortamda saklay\u0131n.<\/strong> E\u011fer herhangi bir fidye yaz\u0131l\u0131m\u0131 bilgisayar\u0131n\u0131za bula\u015f\u0131r ya da dosyalar\u0131n\u0131z\u0131 silerse, g\u00fcvendesiniz \u2013 kopyalar\u0131n\u0131z var.<\/li>\n<li><strong>G\u00fcvenilir anti vir\u00fcs \u00e7\u00f6z\u00fclm\u00fc kullan\u0131n.<\/strong> <a href=\"http:\/\/kas.pr\/kdkistr\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Internet Security<\/a>r, Ranscam\u2019\u0131 Trojan-Rans\u0131m.MSIL.Agent olarak tan\u0131yor ve siber su\u00e7lulara dosyalar\u0131n\u0131za zarar vermesine imkan sa\u011flam\u0131yor.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Bir fidye yaz\u0131l\u0131m\u0131 bula\u015ft\u0131\u011f\u0131nda, istenilen fidyeyi verip minimum ba\u015f a\u011fr\u0131s\u0131 ile elektronik hayat\u0131n\u0131z\u0131 geri almaya de\u011fer mi diye d\u00fc\u015f\u00fcnmeniz normaldir. Biz Kaspersky Lab olarak, hi\u00e7bir \u015fekilde fidye \u00f6demenizi \u00f6nermiyoruz, ama<\/p>\n","protected":false},"author":2045,"featured_media":2266,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[912,591,744,911,537,553],"class_list":{"0":"post-2265","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-aldatmaca","10":"tag-fidye-yazilimi","11":"tag-guvenlik","12":"tag-ranscam","13":"tag-tehditler","14":"tag-zararli-yazilim-2"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ranscam-ransomware\/2265\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ranscam-ransomware\/7402\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ranscam-ransomware\/7428\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ranscam-ransomware\/7375\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ranscam-ransomware\/8707\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ranscam-ransomware\/8595\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ranscam-ransomware\/12488\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ranscam-ransomware\/12583\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ranscam-ransomware\/5820\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ranscam-ransomware\/6478\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/ranscam-ransomware\/5116\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ranscam-ransomware\/8171\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ranscam-ransomware\/11991\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ranscam-ransomware\/12488\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ranscam-ransomware\/12583\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ranscam-ransomware\/12583\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/aldatmaca\/","name":"aldatmaca"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2045"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2265"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2265\/revisions"}],"predecessor-version":[{"id":7171,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2265\/revisions\/7171"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2266"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}